---
layout: docs
page_title: Vault Agent Auto-Auth Cert Method
sidebar_title: Cert
description: Cert Method for Vault Agent Auto-Auth
---

# Vault Agent Auto-Auth Cert Method

The `cert` method uses the configured TLS certificates from the `vault` stanza of
the agent configuration and takes an optional `name` parameter. There is no option
to use certificates which differ from those used in the `vault` stanza.

It is strongly advised to provide TLS settings in the configuration stanza
within the auth method to prevent the agent cache, if also enabled, from using the
same TLS settings when proxying requests. If TLS settings are not present in the
config stanza, Agent will fall back to using TLS settings from the [`vault`
Stanza](/docs/agent#vault-stanza).

## Configuration

- `name` `(string: optional)` - The trusted certificate role which should be used
  when authenticating with TLS. If a `name` is not specified, the auth method will
  try to authenticate against [all trusted certificates](/docs/auth/cert#authentication).

- `ca_cert` `(string: optional)` - Path on the local disk to a single
  PEM-encoded CA certificate to verify the Vault server's SSL certificate.

- `client_cert` `(string: optional)` - Path on the local disk to a single
  PEM-encoded client certificate to use for cert auth method authentication.

- `client_key` `(string: optional)` - Path on the local disk to a single
  PEM-encoded private key matching the client certificate from `client_cert`.
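
An agent configuration that follows the advice above, added here as an example and not taken from the Vault documentation: the client certificate and key are set in the `cert` method's `config` stanza, and the `vault` stanza carries only server verification settings. The address, file paths, sink and the role name `web` are placeholders.

```hcl
# Example only: address, paths and role name are placeholders.

vault {
  address = "https://vault.example.com:8200"

  # Server verification only. No client_cert/client_key here, so the
  # cache does not pick up the client identity when proxying requests.
  ca_cert = "/etc/vault-agent/ca.pem"

  # Setup to avoid when the cache is enabled: with the client
  # certificate in this stanza and no TLS settings in the method's
  # config, auto-auth falls back to these values and the cache uses
  # the same TLS settings for proxied requests.
  # client_cert = "/etc/vault-agent/client.pem"
  # client_key  = "/etc/vault-agent/client-key.pem"
}

auto_auth {
  method "cert" {
    config = {
      # Trusted certificate role to authenticate against. If omitted,
      # the method tries all trusted certificates.
      name = "web"

      # TLS settings used only for cert auth method authentication.
      ca_cert     = "/etc/vault-agent/ca.pem"
      client_cert = "/etc/vault-agent/client.pem"
      client_key  = "/etc/vault-agent/client-key.pem"
    }
  }

  sink "file" {
    config = {
      path = "/run/vault-agent/token"
    }
  }
}

cache {
  use_auto_auth_token = false
}

listener "tcp" {
  address     = "127.0.0.1:8100"
  tls_disable = true
}
```

Keep the private key file readable only by the account the agent runs as, since anyone who can read it can authenticate as the same certificate role.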